Glossary
| Term | Definition |
|---|---|
| AWS KMS (Key Management Service) | A service provided by AWS that allows users to create and manage cryptographic keys and control their use across AWS services and in applications. |
| AWS Nitro Card | Hardware component used in AWS Nitro Enclaves for enhanced security. It contributes to the attestation and integrity verification processes. |
| AWS Nitro Enclaves | An AWS feature that allows customers to create isolated compute environments to process highly confidential data. |
| AWS Root Certificate Authority (CA) | The root certificate authority of AWS's certificate chain, used for establishing trust in AWS services. |
| Attestation | The process of verifying the integrity and authenticity of a system or component, typically by comparing its current state with a known, trusted baseline. |
| CLI (Command Line Interface) | A text-based interface used to interact with software and operating systems by typing commands into a console or terminal. |
| Container | A lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries, and settings. |
| Enclave | In the context of secure computing, an enclave is an isolated and secure environment within a hardware system where sensitive data can be processed. |
| Image Digest | A cryptographic hash value that uniquely represents a container image, used to verify its integrity. |
| JSON | JavaScript Object Notation, a widely used format for configuration and data files. |
| Manifest | A file containing metadata about other files, packages, or container images, typically used in software deployments to define what should be included. |
| PCR (Platform Configuration Register) | A secure storage area in a computing system that stores measurements (hashes) reflecting the system's state, used for attestation purposes. |
| Pod | The smallest deployable unit in Kubernetes, representing a single instance of a running process in a cluster. |
| Reproducible Builds | A software development process that ensures a given source code consistently generates an identical binary across successive builds. |
| SDK (Software Development Kit) | A collection of software tools and libraries that developers use to create applications for specific platforms. |
| Secondary Manifest | A specific document used in OBLV to uniquely specify an enclave's configuration. Its digest is used as a custom PCR within the attestation document for enhanced security verification. |
| TLS (Transport Layer Security) | A protocol that ensures privacy and data integrity between two communicating applications. |